Get your update caps on, it’s that time of the month everyone! Patch/Update Tuesday came and went while Microsoft and Adobe issued their usual monthly software patches to fix various vulnerabilities.
If you are a regular reader of Komando.com, you should know by now that Microsoft issues a set of cumulative updates once a month.
It usually falls on the second Tuesday of each month and is unofficially called Patch or Update Tuesday by tech fans and savvy Windows PC users.
July 2018 Patch Tuesday
This month, Microsoft issued 53 patches for a variety of vulnerabilities, including 17 critical fixes.
15 of these critical patches are aimed at Internet Explorer and Microsoft Edge browser bugs while three of them are already publicly disclosed. This means attackers may be already exploiting these three critical bugs. To protect yourself, you need to update as soon as you can.
Publicly disclosed flaws
The first publicly disclosed flaw is an elevation of privilege bug (CVE-2018-8313) that affects all Windows systems except Windows 7. This flaw could allow an attacker to take over processes to change their privilege levels and permissions.
The second publicly known flaw is another elevation of privilege bug ( CVE-2018-8314) that affects all Windows systems except Windows Server 2016. With this flaw, attackers can escape a system’s built-in sandbox protections to elevate their privileges and permissions.
The third publicly disclosed flaw is a spoofing bug in Microsoft’s Edge browser (CVE-2018-8278). This flaw is particularly dangerous because it allows an attacker to fool users into thinking that a fake website is legitimate.
Microsoft also issued patches for dangerous remote code execution vulnerabilities on .Net Framework and Microsoft Office, which could allow attackers to trick their targets into loading malicious code via a booby-trapped Office document.
A critical remote code execution flaw in the PowerShell Editor and PowerShell Extension (CVE-2018-8327) was also patched, which would have allowed an attacker to execute malicious code on an unpatched system.
And as usual, Microsoft also bundled patches for Adobe products in its Patch Tuesday updates too.
PDF document software Adobe Acrobat and Adobe Reader get a whopping total of 100 security patches this time around. These patches include fixes for a variety of code execution exploits including type confusion, buffer error, use-after-free, out-of-bounds-write, heap overflow and security bypass errors.
Additionally, at least two critical Flash Player vulnerabilities are included, which could allow an attacker to take complete remote control of a vulnerable computer by exploiting the antiquated plug-in.
If you still rely on using Flash Player for websites (you shouldn’t), it’s important that you update to the latest version 18.104.22.168 immediately.
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.
If you want to check, here’s how:
On Windows 10, click Start (Windows logo), choose “Settings,” select “Update & Security,” then on the “Windows Update” section, select “Check for Updates.”
(Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.)
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 22.214.171.124.
Adobe Acrobat and Reader users can update their software installations to the latest versions by following these instructions:
- Manually by choosing Help >> Check for Updates.
- The products can also update automatically, without requiring user intervention, when updates are detected.
- For manual installations, the full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
Note: Before you apply any operating system update, make sure you have a good backup plan in place. We recommend our sponsor, IDrive, for fast and reliable cloud backups. Back up all your gadgets and save 50% on all your backup needs and get 2TB of storage for less than $35!